Timeline for How to use QEMU/KVM virtual machine disk image on SMB/CIFS network share: Permission denied
Current License: CC BY-SA 4.0
15 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 1, 2020 at 6:35 | history | edited | A_blop | CC BY-SA 4.0 | Update 2 |
| Nov 30, 2020 at 22:16 | vote | accept | A_blop | ||
| Nov 30, 2020 at 20:13 | answer | added | rudib | timeline score: 5 | |
| Nov 30, 2020 at 20:01 | comment | added | rudib | I think I've unraveled the mystery: try using the nobrl mount option: mount -t cifs -o username=dave,vers=3.11,nobrl //nas/temp /media/nas/temp | |
| Nov 30, 2020 at 19:31 | comment | added | rudib | Have you tried uid=qemu,gid=root and uid=root,gid=root as mount options yet? Other ideas: do you have enough free space on the server? you could try enabling cifs debugging maybe there's a hint to be found there. When I find the time, I'll see if I can get it working on my selinux setup. | |
| Nov 30, 2020 at 18:40 | history | edited | A_blop | CC BY-SA 4.0 | Add update |
| Nov 30, 2020 at 18:30 | comment | added | A_blop | Btw: I also can create images in other local folders, not just /var/lib/libvirt/images/. There must be something different, when on the mounted network path. | |
| Nov 30, 2020 at 18:28 | comment | added | A_blop | No, I only could find the permission denied error as shown above in the logs. It seems, it is not AppArmor's fault - I experimentally disabled it via systemctl stop apparmor, with same result. Also nothing about DENIED operations of libvirt via cat /var/log/syslog | grep DENIED | grep libvirt. | |
| Nov 30, 2020 at 14:15 | comment | added | rudib | Ah sorry I missed the apparmor. In selinux, it seems to actually be just a flag. I'm not sure about apparmor. You might have to update the profile - but if there are no errors... Have you checked dmesg too? Or something like audit.log? | |
| Nov 30, 2020 at 13:59 | comment | added | A_blop | @rudib thanks for the hints, appreciate it. As far as I know, Ubuntu comes with AppArmor installed (at least I don't have SELinux installed on this machine). And I could not find any specifics AppArmor errors with journalctl -xf, when repeating above steps. I also tried -o username=dave,vers=3.11,uid=root,gid=root,context="virt_image_t" //nas/temp /media/nas/temp, context="virt_image_t" seems to be ignored according to mount -l and unfortunately does not work (also with uid=dave,gid=dave). Hm, this seems to be more complicated than I thought. | |
| Nov 30, 2020 at 13:10 | comment | added | rudib | Also qemu:///system does not run as your user, you might have to change the share user to root (as in /var/lib/libvirt/images, which is the default directory for the system images) | |
| Nov 30, 2020 at 12:53 | comment | added | rudib | I think you can set context="virt_image_t" in the mount options. That might work (but will apply for the whole mount; I guess you'd need a dedicated mount for vm images...). | |
| Nov 30, 2020 at 12:46 | comment | added | rudib | I think this is a selinux issue. I'm not sure if you can use selinux with smb, but I think I've had the same error before. | |
| Nov 30, 2020 at 12:41 | review | First posts | |||
| Nov 30, 2020 at 13:40 | |||||
| Nov 30, 2020 at 12:39 | history | asked | A_blop | CC BY-SA 4.0 |